Yahoo Announces Breach of One Billion Accounts

Hot on the heels of Yahoo announcing a data breach of 500 million user accounts in September, the company has announced that it has suffered another breach of one billion accounts. Yes, you read that correctly: one BILLION accounts.

As Yahoo previously disclosed in November, law enforcement provided the company with data files that a third party claimed were Yahoo user data. The company analyzed this data with the assistance of outside forensic experts and found that it appears to be Yahoo user data. Based on further analysis of this data by the forensic experts, Yahoo believes an unauthorized third party, in August 2013, stole data associated with more than one billion user accounts. The company has not been able to identify the intrusion associated with this theft. Yahoo believes this incident is likely distinct from the incident the company disclosed on September 22, 2016.

Yahoo believes that the information that was stolen consists of full names, email addresses, dates of birth, phone numbers, hashed passwords, and possibly security questions and answers as well.

Luckily, Yahoo does not store credit card or any other payment information in the system that was affected.

2016 seems to be the year of the “mega-breach” with us reporting on eight major breaches involving well-known companies. Big data is big money for attackers, so they set their sights on companies that tend to hold large amounts of personally identifiable data on their customers, such as Social Security numbers, birthdates, home addresses and even medical records. It’s easy for a cybercrime victim to report credit card fraud and just get a new card number. When it comes to a Social Security number, though, you are bound to it for life. And Social Security numbers open the door to all sorts of identity theft.

Norton Protects You Against Data Breaches

Norton makes it easy to have proactive protection against data breaches like these in place with Norton Identity Protection Elite. Norton helps monitor everything online about you--from financial accounts to social media and your credit report. Norton Identity Protection can even provide restoration services if you become a victim of identity theft.

What Yahoo is Doing to Protect Their Users

The company is currently identifying and notifying potentially affected users and instructing them to change their passwords immediately. In addition to notifying users, it is removing any unencrypted security questions and answers from the affected accounts so cybercriminals cannot use those answers to break into users' accounts.

How To Protect Your Accounts:

In situations like this, we cannot stress enough the importance of using safe and secure passwords.
Here are some tips on creating a secure password:

Use a random combination of at least ten symbols, letters, and numbers.

Don’t use the same password for multiple websites. Ever.

Don’t use words in your passwords; cybercriminals have programs that can crack those passwords in a heartbeat.

Don’t use any personal information in your password, not even your birthdate.

Do not open emails from unknown sources and delete anything that appears questionable.

Do not rely on security questions to protect your account/password. Most security questions are common across applications, and the answers are often found on public social media sites.
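The password tips above can be expressed as an automated check. The following is an added example, not code from Norton or Yahoo: it tests a candidate password against the length, character-mix, reuse, dictionary-word and personal-information tips, and generates a random password that passes them. The function names, the small word list and the sample personal details are constructed for illustration.

```python
import re
import secrets
import string

MIN_LENGTH = 10  # "at least ten" from the tips above
SYMBOLS = "!@#$%^&*-_=+?"
ALPHABET = string.ascii_letters + string.digits + SYMBOLS
# Constructed sample list; a real check would load a large dictionary.
SAMPLE_WORDS = {"password", "yahoo", "dragon", "welcome", "monkey"}


def check_password(password, personal=(), used_elsewhere=()):
    """Return the list of tips the password breaks (empty list = passes)."""
    problems = []
    lowered = password.lower()
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 10 characters")
    # One test per character kind: letter, number, symbol (anything else).
    kinds = (str.isalpha, str.isdigit, lambda ch: not ch.isalnum())
    if not all(any(kind(ch) for ch in password) for kind in kinds):
        problems.append("missing a letter, number or symbol")
    if password in used_elsewhere:
        problems.append("already used on another site")
    if any(word in lowered for word in SAMPLE_WORDS):
        problems.append("contains a dictionary word")
    for item in personal:
        # Split "Joe Bloggs" or "1985-03-12" into pieces, plus the joined form.
        tokens = re.findall(r"[a-z]+|\d+", item.lower())
        fragments = [t for t in tokens + ["".join(tokens)] if len(t) >= 3]
        if any(frag in lowered for frag in fragments):
            problems.append("contains personal information")
            break
    return problems


def generate_password(length=16):
    """Draw from the OS CSPRNG until the result passes every check."""
    if length < MIN_LENGTH:
        raise ValueError("length must be at least %d" % MIN_LENGTH)
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not check_password(candidate):
            return candidate


if __name__ == "__main__":
    # Constructed sample inputs.
    print(check_password("Yahoo2013!"))
    print(check_password("Tq7#Bloggs1985zz", ["Joe Bloggs", "1985-03-12"]))
    print(generate_password())
```
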

We understand that it can be hard to keep track of dozens of complicated passwords for multiple websites; however, cybercriminals count on password reuse in order to gain access to other accounts. One way to get around the annoyance of having to remember all of those unique passwords is using a secure password manager, such as Norton Identity Safe.

Another great way to protect your account is to turn on two-step verification if the service offers it. Two-step verification is a method of verifying your identity in addition to your username and password. Two-factor authentication asks you to provide one of the following things:

Something you know – a PIN, password or pattern.

Something you have – an ATM or credit card, mobile phone or security token such as a key fob or USB token.

Something you are – Biometric authentication such as a voiceprint or fingerprint.

You can also visit Yahoo’s Safety Center page for more information on how to secure your account. Yahoo also offers Yahoo Account Key, an authentication tool similar to two-factor authentication.

I have the same question. My passwords are on Norton Safe, maybe one on Google save, which is not a security risk because the program is not containing a risk for me because it has in no turn no information not readily available.

Thanks Nadia Kovacs for the comprehensive update...I am one of the lucky ones that was NOT affected by Yahoo's predicament as I did not have an account. For many years I rely on NORTON security and so far all is good! That is appreciated...thanks! Tibor

Same here, I haven't used my Yahoo account probably since 2012 or 13. However, I did get an email stating that someone has made an attempt to login on the 16th when I actually logged in on the 19th. So I would have gotten emails prior to the 16th?

Yahoo clearly have their tongue in their cheek when making this announcement. They must have been aware of it at the time - the breach (or possibly a different one) affected XXX tens of thousands of customers of BT-Yahoo email. It created the largest-ever thread on that Community forum, with 98 pages, 974 posts and 18,828 views!

The funny (?) thing is that around that time Sky UK (part of Fox) announced it had cut its link with the tech company providing their email (name forgotten) because they'd been hacked and so Sky were now moving everyone to Yahoo!!!

I dumped Yahoo many years ago and switched to MSN only to have my email account hacked at a later date. I now use Chrome and have been using Norton as long as I can remember. So far Norton has protected me. Kudos to Norton.

Unfortunately, changing our passwords at this point will only help with potential future breaches. As the report says...they already have our information. All we can do now is monitor our credit reports but since companies tend to make it easy to establish credit with the right information, we'll be putting in a lot of time and effort trying to clean up our reports. Until companies start taking these breaches seriously this is going to be the "norm" for us.

Funny how in the 21st century, companies still believe in paying to fix things instead of preventing it in the first place. We should be able to charge them for the time and effort we put into cleaning up their mess.

At the time, BTYahoo email customers had a way to check their log-in record that showed the country of origin of the log-in. Some users ask for problems though by having their email address in the traditional format of "first name.surnameATxyz.com". This makes it so much easier for them to be swamped with spam, phishing and worse. They then compound the problem by signing up to a forum with the same FirstnameSurname as their User name on that forum & then write asking for help with spamming etc.

So on this forum we see a new thread from eg JoeBloggs complaining of XX phishing/spam attacks every day on his eg outlook email account. Virtually telling everyone that his email address is likely to be joe.bloggsAToutlook.com.

If I see one of these I suggest to them that they change their email address to a phonetic version eg jay.bee or jaybee2017[AT] and also change their forum User name. Am I guilty of overkill?

I agree with XmasRose about companies failing to get their fingers out.

Oh and one more sermon - I predict that there'll be many PCs sold around now to people who've never used one before. Hopefully they'll be sensible and have Norton preinstalled or as part of the PC bundle. They'll feel confident seeing Norton2017 on the box but in most cases they won't be told by the retailer that Norton2017 was preinstalled or produced around June/July 2016 and that the very first thing they should do is to check for updates to it. I wasn't and that's how my first PC some years ago got infected.

How can I suggest to Norton that it could do more to alert new customers to immediately check for updates?

PS I should have added that I'm still receiving "Help - stranded in XYZ airport after being mugged - please send money" emails (allegedly) from friends who only now are having their BTYahoo email account breached and used. At a rate of perhaps one per week. Worse still, two of them are Secretaries in large sporting organisations and frequently email up to one hundred members using To and not BCC!

About the Author

I began my career in the computer hardware industry as an Apple Genius, which allowed me to gain a vast knowledge of consumer technology and issues. At Norton, I am able to integrate my passion for technology and my passion for helping educate consumers about the evolving Internet threat landscape.